Attackers compromise Bank of India, embassy sites

It hasn’t been a good week for the Bank of India and a number of embassy IT shops around the world. According to several researchers, embassy Web sites are getting compromised and the Bank of India Web site has been taken over as a launching pad for malicious exploits.

According to Computerworld, usernames and passwords for more than 100 email accounts at embassies worldwide have been posted online. Using the information, the publication noted, anyone can access the accounts that have been compromised. The foreign ministry of Iran, the Kazakh and Indian embassies in the U.S. and the Russian embassy in Sweden are among those who have been hit.

Details of the Bank of India compromise are outlined in the blog of Sunbelt Software:

“We have discovered that the Bank of India’s site, bankofindia(dot)com is compromised and is serving malware. DO NOT VISIT THIS SITE,” Sunbelt warns.

The bank’s Web site is being used to drop all kinds of malicious software on victoms’ machines, including:

Email-Worm.Win32.Agent.l
Rootkit.Win32.Agent.dw
Rootkit.Win32.Agent.ey
Trojan-Downloader.Win32.Agent.cnh
Trojan-Downloader.Win32.Small.ddy
Trojan-Proxy.Win32.Agent.nu
Trojan-Proxy.Win32.Wopla.ag
Trojan.Win32.Agent.awz
Trojan-Proxy.Win32.Xorpix.Fam
Trojan-Downloader.Win32.Agent.ceo
Trojan-Downloader.Win32.Tibs.mt
Trojan-Downloader.Win32.Agent.boy
Trojan-Proxy.Win32.Wopla.ah
Trojan-Proxy.Win32.Wopla.ag
Rootkit.Win32.Agent.ea
Trojan.Pandex
Trojan-Proxy.Win32.Cimuz.G
TSPY_AGENT.AAVG (Trend Micro)
Trojan.Netview

“We’ve cataloged over 22 pieces of malware. Mostly spam-related malware but we did find a pinch Trojan variant,” wrote Sunbelt President Alex Eckelberry, adding that Windows computers that are fully patched should be protected against infection.

UPDATE, 10:12 a.m. ET: Eckelberry says the Bank of India site is now clean, “thanks to the hard work of a number people involved in security and takedown.”  He offered up this screen shot of the Web site: